Abstract. We propose a modal logic tailored to describe graph transformations
and discuss some of its properties. We focus on a particular class of graphs
called termgraphs. They are first-order terms augmented with sharing and
cycles. Termgraphs allow one to describe classical data-structures (possibly
with pointers) such as doubly-linked lists, circular lists etc. We show how
the proposed logic can faithfully describe (i) termgraphs as well as (ii) the
application of a termgraph rewrite rule (i.e. matching and replacement) and
(iii) the computation of normal forms with respect to a given rewrite system.
We also show how the proposed logic, which is more expressive than
propositional dynamic logic, can be used to specify shapes of classical
data-structures (e.g. binary trees, circular lists etc.).



1 Introduction 



Graphs are common structures widely used in several areas in computer science
and discrete mathematics. Their transformation constitutes a domain of research
per se with a large number of potential applications [11,8,9]. There are many
different ways to define graphs and graph transformation. We consider in this
paper structures known as termgraphs and their transformation via rewrite rules
[5, 10]. Roughly speaking, a termgraph is a first-order term with possible sharing
(of sub-terms) and cycles. Below we depict three examples of termgraphs: $G_0$ is a
classical first-order term. $G_1$ represents the same expression as $G_0$ but argument
$x$ is shared. $G_1$ is often used to define the function double: $double(x) = G_1$. The
second termgraph $G_2$ represents a circular list of two "records" (represented here
by operator cons) sharing the same content $G_1$.



* This work has been partly funded by the project ARROWS of the French Agence 
Nationale de la Recherche. 
Termgraphs allow one to represent real-world data structures (with pointers)
such as circular lists, doubly-linked lists etc. [7], and rewriting allows one to
process such graphs efficiently. They are thus a suitable framework for declarative
languages dealing with such complex data structures. However, while there exist
rewriting-based proof methods for first-order terms, there is a lack of
appropriate termgraph rewriting proof methods, which diminishes their operational
benefits. Indeed, equational logic provides a logical setting for first-order term
rewriting [4], and many theorem provers use rewrite techniques in order to
achieve equational reasoning efficiently. In [6] an extension of first-order (clausal)
logic dealing with termgraphs has been proposed to give a logic counterpart of
termgraph rewriting. In such a logic operations are interpreted as continuous
functions [12, 13] and bisimilar graphs cannot be distinguished (two termgraphs
are bisimilar if and only if they represent the same rational term). Due to that,
reasoning on termgraphs is unfortunately much trickier than in first-order
classical logic. For example, equational theories on termgraphs are not recursively
enumerable whereas equational theories on terms are r.e.

In this paper, we investigate a modal logic with possible worlds semantics 
which better fits the operational features of termgraph rewriting systems. Ter- 
mgraphs can easily be interpreted within the framework of possible worlds se- 
mantics, where nodes are considered as worlds and edges as modalities. Based 
on this observation, we investigate a new modal logic which has been tailored to 
fit termgraph rewriting. We show how termgraphs as well as rewrite rules can be 
specified by means of modal formulae. In particular we show how a rewrite step 
can be defined by means of a modal formula which encodes termgraph match- 
ing (graph homomorphism) and termgraph replacement (graph construction and 
modification). We show also how to define properties on such structures, such as 
being a list, a circular list, a tree, a binary tree. The computation of termgraph 
normal form is formulated in this new logic. In addition, we formulate invari- 
ant preservation by rewriting rules and discuss subclasses for which validity is 
decidable. 

The next two sections introduce respectively the considered class of
termgraph rewrite systems and the proposed modal logic. In section 4 we discuss
briefly the expressive power of the modal logic and show particularly how graph
homomorphisms can be encoded. In section 5 we show how elementary graph
transformations can be expressed as modal logic formulae whereas section 6
shows how termgraph rewriting can be specified as modal formulae. Section 7
gives some concluding remarks.



2 Termgraph Rewriting 



This section defines the framework of graph rewrite systems that we consider
in the paper. There are different approaches in the literature to define graph
transformations. We follow here an algorithmic approach to termgraph rewriting
[5]. Our definitions are consistent with [7].

Definition 21 (Graph) 

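A termgraph, or simply a graph, is a tuple
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T})$
which consists of a finite set of nodes $\mathcal{N}$, a finite set of edges
$\mathcal{E}$, a (partial) node labelling function
$\mathcal{L}^n : \mathcal{N} \to \Omega$ which associates labels in $\Omega$ to
nodes in $\mathcal{N}$, a (total) edge labelling function
$\mathcal{L}^e : \mathcal{E} \to \mathcal{F}$ which associates, to every edge in
$\mathcal{E}$, a label (or feature) in $\mathcal{F}$, a source function
$\mathcal{S} : \mathcal{E} \to \mathcal{N}$ and a target function
$\mathcal{T} : \mathcal{E} \to \mathcal{N}$ which specify respectively, for every
edge $e$, its source $\mathcal{S}(e)$ and its target $\mathcal{T}(e)$.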

Note that G is a first-order term if and only if G is a tree. 

We assume that the labelling of edges fulfills the following additional
determinism condition: $\forall e_1, e_2 \in \mathcal{E}$,
($\mathcal{S}(e_1) = \mathcal{S}(e_2)$ and $\mathcal{L}^e(e_1) = \mathcal{L}^e(e_2)$)
implies $e_1 = e_2$. This last condition expresses the fact that for every node
$n$ there exists at most one edge $e$ of label $a$ such that the source of $e$ is
$n$. We denote such an edge by the tuple $(n, a, m)$ where $m$ is the target of
edge $e$.

Notation: For each labelled node $n$ the fact that $\omega = \mathcal{L}^n(n)$ is
written $n : \omega$, and each unlabelled node $n$ is written as $n : \bullet$.
This 'unlabelled' symbol $\bullet$ is used in termgraphs to represent anonymous
variables. $n : \omega(a_1 \Rightarrow n_1, \ldots, a_k \Rightarrow n_k)$ describes
a node $n$ labelled by symbol $\omega$ with $k$ outgoing edges, $e_1, \ldots, e_k$,
such that for every edge $e_i$, $\mathcal{L}^e(e_i) = a_i$, $\mathcal{S}(e_i) = n$
and $\mathcal{T}(e_i) = n_i$. In the sequel we will use the linear notation of
termgraphs [5] defined by the following grammar. The variable $A$ (resp. $F$ and
$n$) ranges over the set $\Omega$ (resp. $\mathcal{F}$ and $\mathcal{N}$):

TermGraph ::= Node | Node + TermGraph
Node ::= n:A(F => Node, ..., F => Node) | n:• | n

The operator + stands for the disjoint union of termgraph definitions. We assume
that every node is labelled at most once. The expression
$n : \omega(n_1, \ldots, n_k)$ stands for
$n : \omega(1 \Rightarrow n_1, \ldots, k \Rightarrow n_k)$.

A graph homomorphism, $h : G \to G_1$, where
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T})$ and
$G_1 = (\mathcal{N}_1, \mathcal{E}_1, \mathcal{L}^n_1, \mathcal{L}^e_1, \mathcal{S}_1, \mathcal{T}_1)$,
is a pair of functions $h = (h^n, h^e)$ with $h^n : \mathcal{N} \to \mathcal{N}_1$
and $h^e : \mathcal{E} \to \mathcal{E}_1$ which preserves the labelling of nodes
and edges as well as the source and target functions. This means that for each
labelled node $m$ in $G$, $\mathcal{L}^n_1(h^n(m)) = \mathcal{L}^n(m)$ and for each
edge $f$ in $G$, $\mathcal{L}^e_1(h^e(f)) = \mathcal{L}^e(f)$,
$\mathcal{S}_1(h^e(f)) = h^n(\mathcal{S}(f))$ and
$\mathcal{T}_1(h^e(f)) = h^n(\mathcal{T}(f))$. Notice that the image by $h^n$
of an unlabelled node may be any node.

Remark: Because of the determinism condition, a homomorphism $h : G \to G_1$
is completely defined by the function $h^n : \mathcal{N} \to \mathcal{N}_1$ which
should satisfy the following conditions: for each labelled node $m$ in $G$,
$\mathcal{L}^n_1(h^n(m)) = \mathcal{L}^n(m)$ and for every outgoing edge from $m$,
say $(m, a, w)$, for some feature $a$ and node $w$, the edge
$(h^n(m), a, h^n(w))$ belongs to $\mathcal{E}_1$.



Example 22 Let $B_1$, $B_2$ and $B_3$ be the following termgraphs.

[Figure: the termgraphs $B_1$, $B_2$ and $B_3$, each with root $n_0 : h$ and a
node $n_1 : g$, over nodes among $n_0, \ldots, n_3$.]

and $h$ and $h'$ be two functions on nodes defined as follows: $h(n_i) = n_i$ for
$i$ in $\{0,1,2,3\}$ and $h'(n_i) = n_i$ for $i$ in $\{0,1,2\}$ and $h'(n_3) = n_2$.
$h$ defines a homomorphism from $B_1$ to $B_2$. $h'$ defines a homomorphism from
$B_1$ to $B_3$ and from $B_2$ to $B_3$. There is no homomorphism from $B_3$ to
$B_2$ or to $B_1$, nor from $B_2$ to $B_1$.

The following definition introduces a notion of actions. Each action specifies 
an elementary transformation of graphs. These elementary actions are used later 
on to define graph transformations by means of rewrite rules. 

Definition 23 (Actions) An action has one of the following forms.

- a node definition or node labelling
  $n : f(a_1 \Rightarrow n_1, \ldots, a_k \Rightarrow n_k)$ where
  $n, n_1, \ldots, n_k$ are nodes and $f$ is a label of node $n$. For
  $i \in \{1, \ldots, k\}$, $a_i$ is the label of an edge, $e_i$, such that
  ($\mathcal{L}^e(e_i) = a_i$) and whose source is $n$ ($\mathcal{S}(e_i) = n$)
  and target is node $n_i$ ($\mathcal{T}(e_i) = n_i$). This action first creates
  a new node $n$ if $n$ does not already exist in the context of application of
  the action. Then node $n$ is defined by its label and its outgoing edges.

- an edge redirection or local redirection $n \gg_a m$
  where $n$, $m$ are nodes and $a$ is the feature of an edge $e$ outgoing node $n$
  ($\mathcal{S}(e) = n$ and $\mathcal{L}^e(e) = a$). This action is an edge
  redirection and means that the target of edge $e$ is redirected to point to the
  node $m$ (i.e., $\mathcal{T}(e) = m$ after performing the action $n \gg_a m$).

- a global redirection $n \gg m$
  where $n$ and $m$ are nodes. This means that all edges $e$ pointing to $n$
  ($\mathcal{T}(e) = n$) are redirected to point to the node $m$
  ($\mathcal{T}(e) = m$).

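The result of applying an action $a$ to a termgraph
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T})$
is denoted by $a[G]$ and is defined as the following termgraph
$G_1 = (\mathcal{N}_1, \mathcal{E}_1, \mathcal{L}^n_1, \mathcal{L}^e_1, \mathcal{S}_1, \mathcal{T}_1)$
such that:

- If the action is $n : f(a_1 \Rightarrow n_1, \ldots, a_k \Rightarrow n_k)$ then

  • $\mathcal{N}_1 = \mathcal{N} \cup \{n, n_1, \ldots, n_k\}$,

  • $\mathcal{L}^n_1(n) = f$ and $\mathcal{L}^n_1(m) = \mathcal{L}^n(m)$ if $m \neq n$,

  • Let $E = \{e_i \mid 1 \leq i \leq k$, $e_i$ is an edge such that
    $\mathcal{S}(e_i) = n$, $\mathcal{T}(e_i) = n_i$ and
    $\mathcal{L}^e(e_i) = a_i\}$. $\mathcal{E}_1 = \mathcal{E} \cup E$,

  • $\mathcal{L}^e_1(e) = a_i$ if $e = e_i \in E$,

  • $\mathcal{S}_1(e) = n$ if $e = e_i \in E$, and $\mathcal{S}_1(e) = \mathcal{S}(e)$ if $e \notin E$,

  • $\mathcal{T}_1(e) = n_i$ if $e = e_i \in E$, and $\mathcal{T}_1(e) = \mathcal{T}(e)$ if $e \notin E$.

  $\cup$ denotes classical union. This means that the nodes in
  $\{n, n_1, \ldots, n_k\}$ which already belong to $G$ are reused whereas the
  others are new.

- If the action is $n \gg_a m$ then

  • $\mathcal{N}_1 = \mathcal{N}$, $\mathcal{L}^n_1 = \mathcal{L}^n$,
    $\mathcal{L}^e_1 = \mathcal{L}^e$, $\mathcal{S}_1 = \mathcal{S}$ and

  • Let $e$ be the edge of label $a$ outgoing $n$.
    $\mathcal{T}_1(e) = m$ and $\mathcal{T}_1(e') = \mathcal{T}(e')$ if $e' \neq e$.

- If the action is $n \gg m$ then $\mathcal{N}_1 = \mathcal{N}$,
  $\mathcal{L}^n_1 = \mathcal{L}^n$, $\mathcal{L}^e_1 = \mathcal{L}^e$,
  $\mathcal{S}_1 = \mathcal{S}$ and
  $\mathcal{T}_1(e) = m$ if $\mathcal{T}(e) = n$, and
  $\mathcal{T}_1(e) = \mathcal{T}(e)$ otherwise.

A rooted termgraph is a termgraph $G$ with a distinguished node $n$ called
its root. We write
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n)$.
The application of an action $a$ to a rooted termgraph
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n)$
is a rooted termgraph
$G_1 = (\mathcal{N}_1, \mathcal{E}_1, \mathcal{L}^n_1, \mathcal{L}^e_1, \mathcal{S}_1, \mathcal{T}_1, n_1)$
such that $G_1 = a[G]$ and root $n_1$ is defined as follows:

- $n_1 = n$ if $a$ is not of the form $n \gg p$.

- $n_1 = p$ if $a$ is of the form $n \gg p$.

The application of a sequence of actions $\Delta$ to a (rooted) termgraph $G$ is
defined inductively as follows: $\Delta[G] = G$ if $\Delta$ is the empty sequence
and $\Delta[G] = \Delta'[a[G]]$ if $\Delta = a; \Delta'$ where ";" is the
concatenation (or sequential) operation. Let $h$ be a homomorphism. We denote by
$h(\Delta)$ the sequence of actions obtained from $\Delta$ by substituting every
node $m$ occurring in $\Delta$ by $h(m)$.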

Example 24 This example illustrates the application of actions. Let $H_1$, $H_2$,
$H_3$, $H_4$ and $H_5$ be the following termgraphs.

[Figure: the termgraphs $H_1$ to $H_5$.]

$H_2$ is obtained from $H_1$ by applying the action
$n_1 : g(b \Rightarrow n_2, a \Rightarrow n_3)$. $n_1$ is relabelled whereas $n_3$
is a new unlabelled node. $H_3$ is obtained from $H_2$ by applying the action
$a = n_0 : h(n_1)$. $n_0$ is a new node labelled by $h$. $h$ has one argument
$n_1$. $H_4$ is obtained from $H_3$ by applying the action $n_1 \gg_a n_2$. The
effect of this action is to change the target $n_3$ of the edge $(n_1, a, n_3)$
by $n_2$. $H_5$ is obtained from $H_4$ by applying the action $n_2 \gg n_0$. This
action redirects the incoming edges of node $n_2$ to target node $n_0$.

Definition 25 (Rule, system, rewrite step) A rewrite rule is an expression
of the form $l \to r$ where $l$ is a termgraph and $r$ is a sequence of actions.
A rule is written $l \to (a_1, \ldots, a_n)$ or $l \to a_1; \ldots; a_n$ where the
$a_i$'s are elementary actions. A termgraph rewrite system is a set of rewrite
rules. We say that the termgraph $G$ rewrites to $G_1$ using the rule $l \to r$
iff there exists a homomorphism $h : l \to G$ and $G_1 = h(r)[G]$. We write
$G \to_{l \to r} G_1$, or simply $G \to G_1$.

Example 26 We give here an example of a rewrite step. Consider the following
rewrite rule:

$n_1 : g(a \Rightarrow n_2 : \bullet, b \Rightarrow n_3 : \bullet) \to n_0 : h(1 \Rightarrow n_1);\ n_1 \gg_a n_2;\ n_2 \gg n_0$

The reader may easily verify that the graph $H_2$ of Example 24 can be rewritten
by the considered rule into the graph $H_5$ of Example 24.
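The actions of Definition 23 and the rewrite step of Definition 25 can be exercised in a few lines of Python. This is an added example, not code from the paper: the class and function names, the start graph standing in for $H_1$, and the host graph used for the rewrite step are constructed here, and the matcher assumes a pattern whose nodes are all reachable from its root.

```python
class TermGraph:
    """Termgraph under the determinism condition: one edge per (source, feature)."""
    def __init__(self, root=None):
        self.labels = {}   # node -> label, or None for an unlabelled node
        self.edges = {}    # (source, feature) -> target
        self.root = root

def node_def(g, n, label, succ):
    """Action n : f(a1 => n1, ..., ak => nk); unknown nodes are created unlabelled."""
    for m in (n, *succ.values()):
        g.labels.setdefault(m, None)
    g.labels[n] = label
    for a, m in succ.items():
        g.edges[(n, a)] = m   # assumption: an existing a-edge of n is replaced

def local_redirect(g, n, a, m):
    """Action n >>_a m: retarget the a-edge leaving n."""
    if (n, a) not in g.edges:
        raise KeyError(f"node {n!r} has no outgoing edge labelled {a!r}")
    g.edges[(n, a)] = m

def global_redirect(g, n, m):
    """Action n >> m: retarget every edge pointing to n; the root follows."""
    for key, target in list(g.edges.items()):
        if target == n:
            g.edges[key] = m
    if g.root == n:
        g.root = m

def apply(g, actions, h=None):
    """Apply a sequence of actions, renaming nodes through h as in h(r)."""
    img = (lambda m: m) if h is None else (lambda m: h.get(m, m))
    for act in actions:
        if act[0] == "def":
            _, n, label, succ = act
            node_def(g, img(n), label, {a: img(m) for a, m in succ.items()})
        elif act[0] == "local":
            _, n, a, m = act
            local_redirect(g, img(n), a, img(m))
        elif act[0] == "global":
            _, n, m = act
            global_redirect(g, img(n), img(m))
        else:
            raise ValueError(f"unknown action {act[0]!r}")
    return g

def _extend(pattern, host, pn, hn, h):
    """Grow the node map h along pattern edges; determinism leaves no choice."""
    if pn in h:
        return h[pn] == hn
    label = pattern.labels[pn]
    if label is not None and host.labels.get(hn) != label:
        return False
    h[pn] = hn
    for (src, a), tgt in pattern.edges.items():
        if src == pn:
            if (hn, a) not in host.edges:
                return False
            if not _extend(pattern, host, tgt, host.edges[(hn, a)], h):
                return False
    return True

def match(pattern, host):
    """Return a homomorphism pattern -> host as a dict, or None."""
    for start in host.labels:
        h = {}
        if _extend(pattern, host, pattern.root, start, h) and len(h) == len(pattern.labels):
            return h
    return None

def rewrite(host, lhs, rhs):
    """One rewrite step with rule lhs -> rhs; returns False when lhs does not match."""
    h = match(lhs, host)
    if h is None:
        return False
    apply(host, rhs, h)   # nodes of rhs outside lhs (here n0) are taken as fresh
    return True

def replay_example_24():
    g = TermGraph()
    node_def(g, "n1", "f", {})   # constructed stand-in for H1
    return apply(g, [("def", "n1", "g", {"b": "n2", "a": "n3"}),
                     ("def", "n0", "h", {1: "n1"}),
                     ("local", "n1", "a", "n2"),
                     ("global", "n2", "n0")])

def rewrite_demo():
    lhs = TermGraph(root="n1")                      # left-hand side of Example 26
    node_def(lhs, "n1", "g", {"a": "n2", "b": "n3"})
    rhs = [("def", "n0", "h", {1: "n1"}), ("local", "n1", "a", "n2"),
           ("global", "n2", "n0")]
    host = TermGraph(root="w")                      # constructed host graph
    node_def(host, "x", "g", {"a": "y", "b": "z"})
    node_def(host, "w", "k", {1: "y"})
    return rewrite(host, lhs, rhs), host
```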

Example 27 We give here some illustrating examples of the considered class
of rewrite systems. We first define an operation, insert, which inserts an element
in a circular list.

$r : insert(m : \bullet, p_1 : cons(m_1 : \bullet, p_1)) \to p_2 : cons(m, p_1);\ p_1 \gg_2 p_2;\ r \gg p_2$

$r : insert(m : \bullet, p_1 : cons(m_1 : \bullet, p_2)) + p_3 : cons(m_2, p_1) \to p_4 : cons(m, p_1);\ p_3 \gg_2 p_4;\ r \gg p_4$

As a second example, we define below the operation length which computes the
number of elements of any, possibly circular, list.

$r : length(p : \bullet) \to r' : length'(p, p);\ r \gg r'$

$r : length'(p_1 : nil, p_2 : \bullet) \to r' : 0;\ r \gg r'$

$r : length'(p_1 : cons(n : \bullet, p_2 : \bullet), p_2) \to r' : succ(0);\ r \gg r'$

$r : length'(p_1 : cons(n : \bullet, p_2 : \bullet), p_3 : \bullet) \to r' : s(q : \bullet);\ q : length'(p_2, p_3);\ r \gg r'$

Pointers help very often to enhance the efficiency of algorithms. In the
following, we define the operation reverse which performs the so-called "in-situ
list reversal".

$o : reverse(p : \bullet) \to o' : reverse'(p, q : nil);\ o \gg o'$

$o : reverse'(p_1 : cons(n : \bullet, q : nil), p_2 : \bullet) \to p_1 \gg_2 p_2;\ o \gg p_1$

$o : reverse'(p_1 : cons(n : \bullet, p_2 : cons(m : \bullet, p_3 : \bullet)), p_4 : \bullet) \to p_1 \gg_2 p_4;\ o \gg_1 p_2;\ o \gg_2 p_1$

The last example illustrates the encoding of classical term rewrite systems.
We define the addition on naturals as well as the function double with their usual
meanings.

$r : +(n : 0, m : \bullet) \to r \gg m$

$r : +(n : succ(p : \bullet), m : \bullet) \to q : succ(k : +(p, m));\ r \gg q$

$r : double(n : \bullet) \to q : +(n, n);\ r \gg q$


3 Modal logic 

It is now time to define the syntax and the semantics of the logic of graph 
modifiers that will be used as a tool to talk about rooted termgraphs. 

3.1 Syntax 

Like the language of propositional dynamic logic, the language of the logic of
graph modifiers is based on the idea of associating with each action $\alpha$ of an
action language a modal connective $[\alpha]$. The formula $[\alpha]\phi$ is read
"after every terminating execution of $\alpha$, $\phi$ is true". Consider, as in
section 2, a countable set $\mathcal{F}$ (with typical members denoted $a$, $b$,
etc) of edge labels and a countable set $\Omega$ (with typical members denoted
$\omega$, $\pi$, etc) of node labels. These labels are formulas defined below. A
node labeled by $\pi$ is called a $\pi$ node.

Formally we define the set of all actions (with typical members denoted $\alpha$,
$\beta$, etc) and the set of all formulas (with typical members denoted $\phi$,
$\psi$, etc) as follows:

- $\alpha ::= a \mid U \mid n \mid n \mid \phi? \mid (\omega :=_g \phi) \mid (\omega :=_l \phi) \mid (a + (\phi, \psi)) \mid (a - (\phi, \psi)) \mid (\alpha; \beta) \mid (\alpha \cup \beta) \mid \alpha^*$,

- $\phi ::= \omega \mid \bot \mid \neg\phi \mid (\phi \vee \psi) \mid [\alpha]\phi$.

We adopt the standard abbreviations for the other Boolean connectives. Moreover,
for all actions $\alpha$ and for all formulas $\phi$, let
$\langle\alpha\rangle\phi$ be $\neg[\alpha]\neg\phi$. As usual, we follow the
standard rules for omission of the parentheses. An atomic action is either an
edge label $a$ in $\mathcal{F}$, the universal action $U$, a test $\phi?$ or an
update action $n$, $n$, $\omega :=_g \phi$, $\omega :=_l \phi$,
$a + (\phi, \psi)$ or $a - (\phi, \psi)$. $U$ reads "go anywhere", $n$ reads
"add some new node", $n$ reads "add some new node and go there",
$\omega :=_g \phi$ reads "assign to $\omega$ nodes the truth value of $\phi$
everywhere (globally)", $\omega :=_l \phi$ reads "assign to $\omega$ the truth
value of $\phi$ here (locally)", $a + (\phi, \psi)$ reads "add $a$ edges from all
$\phi$ nodes to all $\psi$ nodes", and $a - (\phi, \psi)$ reads "delete $a$ edges
from all $\phi$ nodes to all $\psi$ nodes". Complex actions are built by means of
the regular operators ";", "$\cup$" and "$*$". An update action is an action
without edge labels and without $U$. An update action is $:=_l$-free if no local
assignment $\omega :=_l \phi$ occurs in it.



3.2 Semantics 



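Like the truth-conditions of the formulas of ordinary modal logics, the
truth-conditions of the formulas of the logic of graph modifiers are based on the
idea of interpreting, within a rooted termgraph
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0)$,
edge labels in $\mathcal{F}$ by sets of edges and node labels in $\Omega$ by sets
of nodes. In this section, we consider a more general notion of node labeling
functions $\mathcal{L}^n$ of termgraphs such that nodes can have several labels
(propositions). In this case the labeling function has the following profile:
$\mathcal{L}^n : \mathcal{N} \to \mathcal{P}(\Omega)$. Node labeling functions
considered in section 2, where a node can have at most one label, are obviously a
particular case. Let $I_G$ be the interpretation function in $G$ of labels defined
as follows:

- $I_G(a) = \{e \in \mathcal{E} : \mathcal{L}^e(e) = a\}$,

- $I_G(\omega) = \{n \in \mathcal{N} : \omega \in \mathcal{L}^n(n)\}$.

For all abstract actions $a$, let $R_G(a) = \{(n_1, n_2)$: there exists an edge
$e \in I_G(a)$ such that $\mathcal{S}(e) = n_1$ and $\mathcal{T}(e) = n_2\}$ be
the binary relation interpreting the abstract action $a$ in $G$. The
truth-conditions of the formulas of the logic of graph modifiers are defined by
induction as follows:

- $G \models \omega$ iff $n_0 \in I_G(\omega)$,

- $G \not\models \bot$,

- $G \models \neg\phi$ iff $G \not\models \phi$,

- $G \models \phi \vee \psi$ iff $G \models \phi$ or $G \models \psi$,

- $G \models [\alpha]\phi$ iff for all rooted termgraphs
  $G' = (\mathcal{N}', \mathcal{E}', \mathcal{L}^{n\prime}, \mathcal{L}^{e\prime}, \mathcal{S}', \mathcal{T}', n_0')$,
  if $G \to_\alpha G'$ then $G' \models \phi$

where the binary relations $\to_\alpha$ are defined by induction as follows:

- $G \to_a G'$ iff $\mathcal{N}' = \mathcal{N}$, $\mathcal{E}' = \mathcal{E}$,
  $\mathcal{L}^{n\prime} = \mathcal{L}^n$, $\mathcal{L}^{e\prime} = \mathcal{L}^e$,
  $\mathcal{S}' = \mathcal{S}$, $\mathcal{T}' = \mathcal{T}$ and
  $(n_0, n_0') \in R_G(a)$,

- $G \to_{\phi?} G'$ iff $\mathcal{N}' = \mathcal{N}$, $\mathcal{E}' = \mathcal{E}$,
  $\mathcal{L}^{n\prime} = \mathcal{L}^n$, $\mathcal{L}^{e\prime} = \mathcal{L}^e$,
  $\mathcal{S}' = \mathcal{S}$, $\mathcal{T}' = \mathcal{T}$, $n_0' = n_0$ and
  $G' \models \phi$,

- $G \to_U G'$ iff $\mathcal{N}' = \mathcal{N}$, $\mathcal{E}' = \mathcal{E}$,
  $\mathcal{L}^{n\prime} = \mathcal{L}^n$, $\mathcal{L}^{e\prime} = \mathcal{L}^e$,
  $\mathcal{S}' = \mathcal{S}$ and $\mathcal{T}' = \mathcal{T}$,

- $G \to_n G'$ iff $\mathcal{N}' = \mathcal{N} \cup \{n_1\}$ where $n_1$ is a new
  node, $\mathcal{E}' = \mathcal{E}$, $\mathcal{L}^{n\prime}(m) = \mathcal{L}^n(m)$
  if $m \neq n_1$, $\mathcal{L}^{n\prime}(n_1) = \emptyset$,
  $\mathcal{L}^{e\prime} = \mathcal{L}^e$, $\mathcal{S}' = \mathcal{S}$,
  $\mathcal{T}' = \mathcal{T}$ and $n_0' = n_0$,

- $G \to_n G'$ iff $\mathcal{N}' = \mathcal{N} \cup \{n_1\}$ where $n_1$ is a new
  node, $\mathcal{E}' = \mathcal{E}$, $\mathcal{L}^{n\prime}(m) = \mathcal{L}^n(m)$
  if $m \neq n_1$, $\mathcal{L}^{n\prime}(n_1) = \emptyset$,
  $\mathcal{L}^{e\prime} = \mathcal{L}^e$, $\mathcal{S}' = \mathcal{S}$,
  $\mathcal{T}' = \mathcal{T}$ and $n_0' = n_1$,

- $G \to_{\omega :=_g \phi} G'$ iff $\mathcal{N}' = \mathcal{N}$,
  $\mathcal{E}' = \mathcal{E}$, $\mathcal{L}^{n\prime}(m) =$ if
  $(\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, m) \models \phi$
  then $\mathcal{L}^n(m) \cup \{\omega\}$ else $\mathcal{L}^n(m) \setminus \{\omega\}$,
  $\mathcal{L}^{e\prime} = \mathcal{L}^e$, $\mathcal{S}' = \mathcal{S}$,
  $\mathcal{T}' = \mathcal{T}$ and $n_0' = n_0$,

- $G \to_{\omega :=_l \phi} G'$ iff $\mathcal{N}' = \mathcal{N}$,
  $\mathcal{E}' = \mathcal{E}$, $\mathcal{L}^{n\prime}(n_0) =$ if
  $(\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0) \models \phi$
  then $\mathcal{L}^n(n_0) \cup \{\omega\}$ else
  $\mathcal{L}^n(n_0) \setminus \{\omega\}$,
  $\mathcal{L}^{n\prime}(m) = \mathcal{L}^n(m)$ if $m \neq n_0$,
  $\mathcal{L}^{e\prime} = \mathcal{L}^e$, $\mathcal{S}' = \mathcal{S}$,
  $\mathcal{T}' = \mathcal{T}$ and $n_0' = n_0$,

- $G \to_{a + (\phi, \psi)} G'$ iff $\mathcal{N}' = \mathcal{N}$,
  $\mathcal{E}' = \mathcal{E} \cup \{(n_1, a, n_2) :
  (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_1) \models \phi$
  and
  $(\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_2) \models \psi\}$,
  $\mathcal{L}^{n\prime} = \mathcal{L}^n$, $\mathcal{L}^{e\prime}(e) =$ if
  $e \in \mathcal{E}$ then $\mathcal{L}^e(e)$ else $a$, $\mathcal{S}'(e) =$ if
  $e \in \mathcal{E}$ then $\mathcal{S}(e)$ else $e$ is of the form
  $(n_1, a, n_2)$ and $\mathcal{S}'(e) = n_1$, $\mathcal{T}'(e) =$ if
  $e \in \mathcal{E}$ then $\mathcal{T}(e)$ else $e$ is of the form
  $(n_1, a, n_2)$ and $\mathcal{T}'(e) = n_2$ and $n_0' = n_0$,

- $G \to_{a - (\phi, \psi)} G'$ iff $\mathcal{N}' = \mathcal{N}$,
  $\mathcal{E}' = \mathcal{E} \setminus \{(n_1, a, n_2) :
  (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_1) \models \phi$
  and
  $(\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_2) \models \psi\}$,
  $\mathcal{L}^{n\prime} = \mathcal{L}^n$,
  $\mathcal{L}^{e\prime}(e) = \mathcal{L}^e(e)$, $\mathcal{S}' = \mathcal{S}$,
  $\mathcal{T}' = \mathcal{T}$ and $n_0' = n_0$,

- $G \to_{\alpha; \beta} G'$ iff there exists a rooted termgraph
  $G'' = (\mathcal{N}'', \mathcal{E}'', \mathcal{L}^{n\prime\prime}, \mathcal{L}^{e\prime\prime}, \mathcal{S}'', \mathcal{T}'', n_0'')$
  such that $G \to_\alpha G''$ and $G'' \to_\beta G'$,

- $G \to_{\alpha \cup \beta} G'$ iff $G \to_\alpha G'$ or $G \to_\beta G'$,

- $G \to_{\alpha^*} G'$ iff there exists a sequence
  $G^{(0)} = (\mathcal{N}^{(0)}, \mathcal{E}^{(0)}, \mathcal{L}^{n(0)}, \mathcal{L}^{e(0)}, \mathcal{S}^{(0)}, \mathcal{T}^{(0)}, n_0^{(0)})$,
  $\ldots$,
  $G^{(k)} = (\mathcal{N}^{(k)}, \mathcal{E}^{(k)}, \mathcal{L}^{n(k)}, \mathcal{L}^{e(k)}, \mathcal{S}^{(k)}, \mathcal{T}^{(k)}, n_0^{(k)})$
  of rooted termgraphs such that $G^{(0)} = G$, $G^{(k)} = G'$ and for all
  non-negative integers $i$, if $i < k$ then $G^{(i)} \to_\alpha G^{(i+1)}$.

The above definitions of formulas reflect our intuitive understanding of the
actions of the language of the logic of graph modifiers. Obviously,
$G \models \langle\alpha\rangle\phi$ iff there exists a rooted termgraph
$G' = (\mathcal{N}', \mathcal{E}', \mathcal{L}^{n\prime}, \mathcal{L}^{e\prime}, \mathcal{S}', \mathcal{T}', n_0')$
such that $G \to_\alpha G'$ and $G' \models \phi$. The formula $\phi$ is said to be
valid in class $\mathcal{C}$ of rooted termgraphs, in symbols
$\mathcal{C} \models \phi$, iff $G \models \phi$ for each rooted termgraph
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0)$
in $\mathcal{C}$. The class of all rooted termgraphs will be denoted more briefly
as $\mathcal{C}_{all}$.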

3.3 Validities 

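Obviously, as in propositional dynamic logic, we have

- $\mathcal{C}_{all} \models [\phi?]\psi \leftrightarrow (\phi \to \psi)$,

- $\mathcal{C}_{all} \models [\alpha; \beta]\phi \leftrightarrow [\alpha][\beta]\phi$,

- $\mathcal{C}_{all} \models [\alpha \cup \beta]\phi \leftrightarrow [\alpha]\phi \wedge [\beta]\phi$,

- $\mathcal{C}_{all} \models [\alpha^*]\phi \leftrightarrow \phi \wedge [\alpha][\alpha^*]\phi$.

If $\alpha$ is a $:=_l$-free update action then

- $\mathcal{C}_{all} \models [\alpha]\bot \leftrightarrow \bot$,

- $\mathcal{C}_{all} \models [\alpha]\neg\phi \leftrightarrow \neg[\alpha]\phi$,

- $\mathcal{C}_{all} \models [\alpha](\phi \vee \psi) \leftrightarrow [\alpha]\phi \vee [\alpha]\psi$.

The next series of equivalences guarantees that each of our $:=_l$-free update
actions can be moved across the abstract actions of the form $a$ or $U$:

- $\mathcal{C}_{all} \models [n][a]\phi \leftrightarrow [a][n]\phi$,

- $\mathcal{C}_{all} \models [n][U]\phi \leftrightarrow [n]\phi \wedge [U][n]\phi$,

- $\mathcal{C}_{all} \models [n][a]\phi \leftrightarrow \top$,

- $\mathcal{C}_{all} \models [n][U]\phi \leftrightarrow [n]\phi \wedge [U][n]\phi$,

- $\mathcal{C}_{all} \models [\omega :=_g \phi][a]\psi \leftrightarrow [a][\omega :=_g \phi]\psi$,

- $\mathcal{C}_{all} \models [\omega :=_g \phi][U]\psi \leftrightarrow [U][\omega :=_g \phi]\psi$,

- $\mathcal{C}_{all} \models [a + (\phi, \psi)][b]\chi \leftrightarrow [b][a + (\phi, \psi)]\chi$
  if $a \neq b$ and
  $\mathcal{C}_{all} \models [a + (\phi, \psi)][b]\chi \leftrightarrow [b][a + (\phi, \psi)]\chi \wedge (\phi \to [U](\psi \to [a + (\phi, \psi)]\chi))$
  if $a = b$,

- $\mathcal{C}_{all} \models [a + (\phi, \psi)][U]\chi \leftrightarrow [U][a + (\phi, \psi)]\chi$,

- $\mathcal{C}_{all} \models [a - (\phi, \psi)][b]\chi \leftrightarrow [b][a - (\phi, \psi)]\chi$
  if $a \neq b$ and
  $\mathcal{C}_{all} \models [a - (\phi, \psi)][b]\chi \leftrightarrow (\neg\phi \wedge [b][a - (\phi, \psi)]\chi) \vee (\phi \wedge [b](\neg\psi \to [a - (\phi, \psi)]\chi))$
  if $a = b$,

- $\mathcal{C}_{all} \models [a - (\phi, \psi)][U]\chi \leftrightarrow [U][a - (\phi, \psi)]\chi$.

Finally, once we have moved each of our $:=_l$-free update actions across the
abstract actions of the form $a$ or $U$, these update actions can be eliminated by
means of the following equivalences: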

- Call h ^ 

- Call h ^ ^> 

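- $\mathcal{C}_{all} \models [\omega :=_g \phi]\pi \leftrightarrow \pi$ if
  $\omega \neq \pi$ and
  $\mathcal{C}_{all} \models [\omega :=_g \phi]\pi \leftrightarrow \phi$ if
  $\omega = \pi$,

- $\mathcal{C}_{all} \models [a + (\phi, \psi)]\omega \leftrightarrow \omega$,

- $\mathcal{C}_{all} \models [a - (\phi, \psi)]\omega \leftrightarrow \omega$.

Proposition 31 For all $:=_l$-free $*$-free formulas $\phi$, there exists a
$:=_l$-free $*$-free formula $\psi$ without update actions such that
$\mathcal{C}_{all} \models \phi \leftrightarrow \psi$.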

Proof. See the above discussion. 



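Just as for $:=_l$-free update actions, we have the following equivalences for the
update actions of the form $\omega :=_l \phi$:

- $\mathcal{C}_{all} \models [\omega :=_l \phi]\bot \leftrightarrow \bot$,

- $\mathcal{C}_{all} \models [\omega :=_l \phi]\neg\psi \leftrightarrow \neg[\omega :=_l \phi]\psi$,

- $\mathcal{C}_{all} \models [\omega :=_l \phi](\psi \vee \chi) \leftrightarrow [\omega :=_l \phi]\psi \vee [\omega :=_l \phi]\chi$,

- $\mathcal{C}_{all} \models [\omega :=_l \phi]\pi \leftrightarrow \pi$ if
  $\omega \neq \pi$ and
  $\mathcal{C}_{all} \models [\omega :=_g \phi]\pi \leftrightarrow \phi$ if
  $\omega = \pi$.

But it is not possible to formulate reduction axioms for the cases
$[\omega :=_l \phi][a]\psi$ and $[\omega :=_l \phi][U]\psi$. More precisely,

Proposition 32 There exists a $*$-free formula $\phi$ such that for all $*$-free
formulas $\psi$ without update actions,
$\mathcal{C}_{all} \not\models \phi \leftrightarrow \psi$.

Proof. Take the $*$-free formula
$\phi = [\omega :=_g \bot][U][\omega :=_l \top][a]\neg\omega$. The reader may
easily verify that for all rooted termgraphs
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0)$,
$G \models \phi$ iff $R_G(a)$ is irreflexive. Seeing that the fact that the binary
relation interpreting an abstract action of the form $a$ is irreflexive cannot be
modally defined in propositional dynamic logic, then for all formulas $\psi$
without update actions,
$\mathcal{C}_{all} \not\models \phi \leftrightarrow \psi$.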



3.4 Decidability, axiomatization and a link with hybrid logics 

Firstly, let us consider the set $L$ of all $:=_l$-free $*$-free formulas $\phi$
such that $\mathcal{C}_{all} \models \phi$. Together with a procedure for deciding
membership in $*$-free propositional dynamic logic, the equivalences preceding
proposition 31 provide a procedure for deciding membership in $L$. Hence,
membership in $L$ is decidable.

Secondly, let us consider the set $L(:=_l)$ of all $*$-free formulas $\phi$ such
that $\mathcal{C}_{all} \models \phi$. Aucher et al. [3] have defined a recursive
translation from the language of hybrid logic [2] into the set of all our $*$-free
formulas that preserves satisfiability. It is known that the problem of deciding
satisfiability of hybrid logic formulas is undecidable [1, Section 4.4]. The
language of hybrid logic has formulas of the form $@_i\phi$ ("$\phi$ is true at
$i$"), $@_x\phi$ ("$\phi$ is true at $x$") and ${\downarrow}x.\phi$ ("$\phi$ holds
after $x$ is bound to the current state"), where $NOM = \{i_1, \ldots\}$ is a set
of nominals, and $SVAR = \{x_1, \ldots\}$ is a set of state variables. The
(slightly adapted) translation of a given hybrid formula $\phi_0$ is recursively
defined as follows.

$\tau(\omega) = \omega$
$\tau(i) = \omega_i$ where $\omega_i$ does not occur in $\phi_0$
$\tau(x) = \omega_x$ where $\omega_x$ does not occur in $\phi_0$
$\tau(\neg\phi) = \neg\tau(\phi)$
$\tau(\phi \vee \psi) = \tau(\phi) \vee \tau(\psi)$
$\tau([a]\phi) = [a]\tau(\phi)$
$\tau([U]\phi) = [U]\tau(\phi)$
$\tau(@_i\phi) = \langle U \rangle(\omega_i \wedge \tau(\phi))$
$\tau(@_x\phi) = \langle U \rangle(\omega_x \wedge \tau(\phi))$
$\tau({\downarrow}x.\phi) =$

As the satisfiability problem is undecidable in hybrid logic, membership in
$L(:=_l)$ is undecidable, too.

Thirdly, let us consider the set $L(*)$ of all $:=_l$-free formulas $\phi$ such
that $\mathcal{C}_{all} \models \phi$. It is still an open problem whether
membership in $L(*)$ is decidable or not: while the update actions can be
eliminated from $:=_l$-free formulas, it is not clear whether this can be done for
formulas in which e.g. iterations of assignments occur.

As for the axiomatization issue, the equivalences preceding proposition 31
provide a sound and complete axiom system of $L$, whereas no axiom system of
$L(:=_l)$ and $L(*)$ is known to be sound and complete.

4 Definability of classes of termgraphs 

For all abstract actions $a$, by means of the update actions of the form
$\omega :=_l \phi$, we can express the fact that the binary relation interpreting
an abstract action of the form $a$ is deterministic, irreflexive or locally
reflexive. More precisely, for all rooted termgraphs
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0)$,

- $G \models [\omega :=_g \bot][\pi :=_g \bot][U][\omega :=_l \top][a][\pi :=_l \top][U](\omega \to [a]\pi)$
  iff $R_G(a)$ is deterministic,

- $G \models [\omega :=_g \bot][U][\omega :=_l \top][a]\neg\omega$ iff $R_G(a)$
  is irreflexive,

- $G \models [\omega :=_g \bot][\omega :=_l \top]\langle a \rangle\omega$ iff
  $R_G(a)$ is locally reflexive in $n_0$.

Together with the update actions of the form $\omega :=_l \phi$, the regular
operation "$*$" enables us to define non-elementary classes of rooted termgraphs.
As a first example, the class of all infinite rooted termgraphs cannot be modally
defined in propositional dynamic logic but the following formula pins it down:

- $[\omega :=_g \top][(U; \omega?; \omega :=_l \bot)^*]\langle U \rangle\omega$.
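The truth conditions of Section 3.2 can be executed directly on finite rooted termgraphs. The following evaluator is an added example, not code from the paper: it covers the fragment without the node-creating actions, so the reachable state space is finite and $*$ can be computed by exhaustive search, and it checks the determinism, irreflexivity and infiniteness formulas above on two constructed graphs. The tuple encodings of formulas and actions and all names are assumptions.

```python
# Rooted termgraph = (nodes, labels, edges, root): labels is a frozenset of
# (node, label) pairs, edges a frozenset of (source, feature, target) triples.
BOT = ("bot",)
TOP = ("not", BOT)

def box(act, f): return ("box", act, f)
def dia(act, f): return ("not", box(act, ("not", f)))
def imp(f, g): return ("or", ("not", f), g)

def boxes(acts, f):
    """Build [a1][a2]...[ak] f."""
    for act in reversed(acts):
        f = box(act, f)
    return f

def at(g, n):
    """The same termgraph with root n."""
    return (g[0], g[1], g[2], n)

def sat(g, f):
    """G |= f, following the inductive truth conditions."""
    tag = f[0]
    if tag == "lab": return (g[3], f[1]) in g[1]
    if tag == "bot": return False
    if tag == "not": return not sat(g, f[1])
    if tag == "or":  return sat(g, f[1]) or sat(g, f[2])
    if tag == "box": return all(sat(h, f[2]) for h in step(g, f[1]))
    raise ValueError(f"unknown formula {tag!r}")

def step(g, act):
    """All G' with G ->_act G'."""
    nodes, labels, edges, root = g
    tag = act[0]
    if tag == "edge":
        return {at(g, t) for (s, a, t) in edges if s == root and a == act[1]}
    if tag == "U":
        return {at(g, n) for n in nodes}
    if tag == "test":
        return {g} if sat(g, act[1]) else set()
    if tag in ("gassign", "lassign"):      # w :=_g f  and  w :=_l f
        w, f = act[1], act[2]
        new = set(labels)
        for n in (nodes if tag == "gassign" else {root}):
            (new.add if sat(at(g, n), f) else new.discard)((n, w))
        return {(nodes, frozenset(new), edges, root)}
    if tag in ("add", "del"):              # a + (f, p)  and  a - (f, p)
        a, f, p = act[1:]
        pairs = {(s, a, t) for s in nodes if sat(at(g, s), f)
                 for t in nodes if sat(at(g, t), p)}
        new = edges | pairs if tag == "add" else edges - pairs
        return {(nodes, labels, frozenset(new), root)}
    if tag == "seq":
        cur = {g}
        for sub in act[1:]:
            cur = {h for x in cur for h in step(x, sub)}
        return cur
    if tag == "choice":
        return step(g, act[1]) | step(g, act[2])
    if tag == "star":                      # reflexive-transitive closure by search
        seen, todo = {g}, [g]
        while todo:
            for h in step(todo.pop(), act[1]):
                if h not in seen:
                    seen.add(h)
                    todo.append(h)
        return seen
    raise ValueError(f"unknown action {tag!r}")

W, P = ("lab", "w"), ("lab", "p")          # the labels omega and pi

def irreflexive(a):
    return boxes([("gassign", "w", BOT), ("U",), ("lassign", "w", TOP),
                  ("edge", a)], ("not", W))

def deterministic(a):
    return boxes([("gassign", "w", BOT), ("gassign", "p", BOT), ("U",),
                  ("lassign", "w", TOP), ("edge", a), ("lassign", "p", TOP),
                  ("U",)], imp(W, box(("edge", a), P)))

INFINITE = boxes([("gassign", "w", TOP),
                  ("star", ("seq", ("U",), ("test", W), ("lassign", "w", BOT)))],
                 dia(("U",), W))

def graph(nodes, edges, root):
    return (frozenset(nodes), frozenset(), frozenset(edges), root)

# Constructed sample graphs: a two-edge chain, and a node with a loop and a branch.
CHAIN = graph({0, 1, 2}, {(0, "a", 1), (1, "a", 2)}, 0)
LOOPY = graph({0, 1}, {(0, "a", 0), (0, "a", 1)}, 0)
```

The infiniteness formula fails on every finite graph, since the iterated action can strip the label from each node in turn.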



As a second example, take the class of all a-cycle-free rooted termgraphs. It can- 
not be modally defined in propositional dynamic logic but the following formula 
pins it down: 

As a third example, within the class of all $a$-deterministic rooted termgraphs,
the class of all $a$-circular rooted termgraphs^ cannot be modally defined in
propositional dynamic logic but the following formula pins it down:

- $[\omega :=_g \bot][U][\omega :=_l \top]\langle a^+ \rangle\omega$.

Now, within the class of all rooted termgraphs that are both $a$- and
$b$-deterministic, the class of all $(a \leq b)$ rooted termgraphs* cannot be
modally defined in propositional dynamic logic but the following formula pins it
down:

- $[\omega :=_g \bot][\omega :=_l \top][\pi :=_g \bot][\pi :=_l \top][((U; \omega?; a; \neg\omega?; \omega :=_l \top); (U; \pi?; b; \neg\pi?; \pi :=_l \top))^*](\langle U \rangle(\pi \wedge [b]\bot) \to \langle U \rangle(\omega \wedge [a]\bot))$.

Finally, within the class of all finite $(a \cup b)$-cycle-free
$(a, b)$-deterministic rooted termgraphs, the class of all $(a, b)$-binary rooted
termgraphs cannot be modally defined in propositional dynamic logic but the
following formula pins it down:

- [uj T]H[^ T][(a U 6)1 [tt :=, ±][U]{uj ^ [b][{a U br]n) . 

Most important of all is the ability of the language of the logic of graph modifiers 
to characterize finite graph homomorphisms. 



Proposition 41 Let
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0)$
be a finite rooted termgraph. There exists a $*$-free action $\alpha_G$ and a
$*$-free formula $\phi_G$ such that for all finite rooted termgraphs
$G' = (\mathcal{N}', \mathcal{E}', \mathcal{L}^{n\prime}, \mathcal{L}^{e\prime}, \mathcal{S}', \mathcal{T}', n_0')$,
$G' \models \langle\alpha_G\rangle\phi_G$ iff there exists a graph homomorphism
from $G$ into $G'$.

Proof. Let
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0)$
be a finite rooted termgraph. Suppose that $\mathcal{N} = \{0, \ldots, N - 1\}$
and consider a sequence $(\pi_0, \ldots, \pi_{N-1})$ of pairwise distinct elements
of $\Omega$. Each $\pi_i$ will identify exactly one node of $\mathcal{N}$, and
$\pi_0$ will identify the root.

We define the action $\alpha_G$ and the formula $\phi_G$ as follows:

- $\beta_G = (\pi_0 :=_g \bot); \ldots; (\pi_{N-1} :=_g \bot)$,

- for all non-negative integers $i$, if $i < N$ then
  $\gamma^i_G = (\neg\pi_0 \wedge \ldots \wedge \neg\pi_{i-1})?; (\pi_i :=_l \top); U$,

^ In an $a$-circular rooted termgraph, for every node $n$ there is an $i$ and
there are $n_1, \ldots, n_i$ such that $n = n_1 = n_i$ and $n_k$ is related to
$n_{k+1}$ by an edge labelled $a$, for all $k < i$.

* Rooted termgraphs are termgraphs where the path obtained by following feature
$b$ is longer than or equal to the path obtained by following feature $a$.

- for all non-negative integers $i$, if $i < N$ then $\psi^i_G =$ if
  $\mathcal{L}^n(i)$ is defined then
  $\langle U \rangle(\pi_i \wedge \mathcal{L}^n(i))$ else $\top$,

- for all non-negative integers $i, j$, if $i, j < N$ then $\chi^{i,j}_G =$ if
  there exists an edge $e \in \mathcal{E}$ such that $\mathcal{S}(e) = i$ and
  $\mathcal{T}(e) = j$ then
  $\langle U \rangle(\pi_i \wedge \langle\mathcal{L}^e(e)\rangle\pi_j)$ else $\top$,

The reader may easily verify that for all finite rooted termgraphs
$G' = (\mathcal{N}', \mathcal{E}', \mathcal{L}^{n\prime}, \mathcal{L}^{e\prime}, \mathcal{S}', \mathcal{T}', n_0')$,
$G' \models \langle\alpha_G\rangle\phi_G$ iff there exists a graph homomorphism
from $G$ to $G'$.

5 Definability of transformations of termgraphs 

In this section we show how elementary actions over termgraphs as defined in
Section 2 can be encoded by means of formulas of the proposed modal logic. Let
$\alpha_a$ be the action defined as follows:

- $\alpha_a = (\omega :=_g \bot); (\omega :=_l \top); (\pi :=_g \bot); (\pi :=_g \langle a \rangle\omega); (a - (\top, \omega)); n; (\omega :=_g \bot); (\omega :=_l \top); (a + (\pi, \omega))$.

The reader may easily verify that for all rooted termgraphs
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0)$
and
$G' = (\mathcal{N}', \mathcal{E}', \mathcal{L}^{n\prime}, \mathcal{L}^{e\prime}, \mathcal{S}', \mathcal{T}', n_0')$,
$G \to_{\alpha_a} G'$ iff $G'$ is obtained from $G$ by redirecting every $a$-edge
pointing to the current root towards a freshly created new root. Hence, together
with the update actions $n$, $n$, $\omega :=_g \phi$, $\omega :=_l \phi$,
$a + (\phi, \psi)$ and $a - (\phi, \psi)$, the regular operations "$\cup$" and
"$*$" enable us to define the elementary actions of node labelling, local
redirection and global redirection of Section 2.

Let us firstly consider the elementary action of node labelling:
$n : f(a_1 \Rightarrow n_1, \ldots, a_k \Rightarrow n_k)$. Applying this
elementary action consists in redirecting towards nodes $n_1, \ldots, n_k$ the
targets of $a_1$-, $\ldots$, $a_k$-edges starting from node $n$. It corresponds to
the action $nl(n : f(a_1 \Rightarrow n_1, \ldots, a_k \Rightarrow n_k))$ defined
as follows:

- $nl(n : f(a_1 \Rightarrow n_1, \ldots, a_k \Rightarrow n_k)) = U; \pi_n?; (f :=_l \top); (a_1 + (\pi_n, \pi_{n_1})); \ldots; (a_k + (\pi_n, \pi_{n_k}))$.

where the $\pi_i$'s are as in the proof of Proposition 41. The reader may easily
verify that for all rooted termgraphs
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0)$,
$G' = (\mathcal{N}', \mathcal{E}', \mathcal{L}^{n\prime}, \mathcal{L}^{e\prime}, \mathcal{S}', \mathcal{T}', n_0')$,
$G \to_{nl(n : f(a_1 \Rightarrow n_1, \ldots, a_k \Rightarrow n_k))} G'$ iff $G'$
is obtained from $G$ by redirecting towards nodes $n_1, \ldots, n_k$ the targets
of $a_1$-, $\ldots$, $a_k$-edges starting from node $n$.

Let us secondly consider the elementary action of local redirection:
$n \gg_a m$. Applying this elementary action consists in redirecting towards node
$m$ the target of an $a$-edge starting from node $n$. It corresponds to the action
$lr(n, a, m)$ defined as follows:

- $lr(n, a, m) = (a - (\pi_n, \top)); (a + (\pi_n, \pi_m))$.

The reader may easily verify that for all rooted termgraphs
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0)$,
$G' = (\mathcal{N}', \mathcal{E}', \mathcal{L}^{n\prime}, \mathcal{L}^{e\prime}, \mathcal{S}', \mathcal{T}', n_0')$,
$G \to_{lr(n, a, m)} G'$ iff $G'$ is obtained from $G$ by redirecting towards node
$m$ the target of an $a$-edge starting from node $n$.

Let us thirdly consider the elementary action of global redirection:
$n \gg_a m$. Applying this elementary action consists in redirecting towards node
$n$ the target of every $a$-edge pointing towards node $m$. It corresponds to the
action $gr(n, a, m)$ defined as follows:

- $gr(n, a, m) = (\lambda_a :=_g \bot); (\lambda_a :=_g \langle a \rangle\pi_n); (a - (\top, \pi_n)); (a + (\lambda_a, \pi_m))$.

The reader may easily verify that for all rooted termgraphs
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0)$,
$G' = (\mathcal{N}', \mathcal{E}', \mathcal{L}^{n\prime}, \mathcal{L}^{e\prime}, \mathcal{S}', \mathcal{T}', n_0')$,
$G \to_{gr(n, a, m)} G'$ iff $G'$ is obtained from $G$ by redirecting towards node
$n$ the target of every $a$-edge pointing towards node $m$.

To redirect towards $n$ the target of all edges pointing towards $m$, the action
$gr(n, a, m)$ can be performed for all $a \in \mathcal{F}$. We get
$gr(n, m) = \bigwedge_{a \in \mathcal{F}} gr(n, a, m)$.

6 Translating rewrite rules in modal logic 

Now we are ready to show how termgraph rewriting can be specified by means 
of formulas of the proposed modal logic. 

Let $G \to (a_1, \ldots, a_n)$ be a rewrite rule as defined in Section 2, i.e.,
$G = (\mathcal{N}, \mathcal{E}, \mathcal{L}^n, \mathcal{L}^e, \mathcal{S}, \mathcal{T}, n_0)$
is a finite rooted termgraph and $(a_1, \ldots, a_n)$ is a finite
sequence of elementary actions. We have seen how to associate to $G$ a $*$-free
action $\alpha_G$ and a $*$-free formula $\phi_G$ such that for all finite rooted termgraphs
$G' = (\mathcal{N}', \mathcal{E}', \mathcal{L}^{n\prime}, \mathcal{L}^{e\prime}, \mathcal{S}', \mathcal{T}', n_0')$,
$G' \models \langle \alpha_G \rangle \phi_G$ iff there exists a graph homomorphism
from $G$ into $G'$. We have also seen how to associate to the elementary actions
$a_1, \ldots, a_n$ actions $\alpha_1, \ldots, \alpha_n$. In the following proposition we show how to formulate
the fact that a normal form with respect to a rewrite rule (generalization to a set
of rules is obvious) satisfies a given formula $\varphi$. A termgraph $t$ is in normal form
with respect to a rule $R$ if $t$ cannot be rewritten by means of $R$. Such formulation
may help to express proof obligations of programs specified as termgraph rewrite
rules. Let $n_1, \ldots, n_k$ be the list of all nodes occurring in $a_1, \ldots, a_n$ but not
occurring in $G$. The truth of the matter is that

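Proposition 6.1 Let $\varphi$ be a modal formula. For all finite rooted termgraphs
$G' = (\mathcal{N}', \mathcal{E}', \mathcal{L}^{n\prime}, \mathcal{L}^{e\prime}, \mathcal{S}', \mathcal{T}', n_0')$,
every normal form of $G'$ with respect to $G \to (a_1, \ldots, a_n)$ satisfies $\varphi$ iff

$$G' \models [(\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n)^*]([\alpha_G; \phi_G?]\bot \to \varphi).$$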

Proof. $\Leftarrow$: Suppose that

$$G' \models [(\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n)^*]([\alpha_G; \phi_G?]\bot \to \varphi).$$

Consider a normal form $G^{nf}$ of $G'$ with respect to $G \to (a_1, \ldots, a_n)$. Then there
exists a non-negative integer $k$ and there exist finite rooted termgraphs
$G^0, \ldots, G^k$ such that:

- $G^0 = G'$,

- $G^k = G^{nf}$,

- for all non-negative integers $i$, if $i < k$ then $G^i \to_{G \to (a_1, \ldots, a_n)} G^{i+1}$.

Hence, for all non-negative integers $i$, if $i < k$ then

$$G^i \to_{\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n} G^{i+1}.$$

Moreover, seeing that $G^{nf}$ is a normal form with respect to $G \to (a_1, \ldots, a_n)$,
$G^{nf} \models [\alpha_G; \phi_G?]\bot$. Since

$$G' \models [(\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n)^*]([\alpha_G; \phi_G?]\bot \to \varphi),$$

then $G^{nf} \models \varphi$. Thus, every normal form of $G'$ with respect to
$G \to (a_1, \ldots, a_n)$ satisfies $\varphi$.

$\Rightarrow$: Suppose that every normal form of $G'$ with respect to $G \to (a_1, \ldots, a_n)$
satisfies $\varphi$. Let $G^{nf}$ be a finite rooted termgraph such that

$$G' \to_{(\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n)^*} G^{nf}$$

and $G^{nf} \models [\alpha_G; \phi_G?]\bot$. Then $G^{nf}$ is a normal form of $G'$ with respect to
$G \to (a_1, \ldots, a_n)$. Hence, $G^{nf}$ satisfies $\varphi$. Thus,

$$G' \models [(\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n)^*]([\alpha_G; \phi_G?]\bot \to \varphi).$$



In other respects, the following proposition shows how an invariant $\varphi$ of a rewrite
rule can be expressed in the proposed logic.

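Proposition 6.2 Let $\varphi$ be a modal formula. The rewrite rule $G \to (a_1, \ldots, a_n)$
strongly preserves $\varphi$ iff

$$\models \varphi \to [\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n]\varphi.$$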

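Proof. $\Leftarrow$: Suppose that

$$\models \varphi \to [\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n]\varphi.$$

Let $G'$, $G''$ be finite rooted termgraphs such that $G' \models \varphi$ and
$G' \to_{G \to (a_1, \ldots, a_n)} G''$. Then

$$G' \models [\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n]\varphi$$

and

$$G' \to_{\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n} G''.$$

Hence, $G'' \models \varphi$. Thus, the rewrite rule $G \to (a_1, \ldots, a_n)$ strongly preserves $\varphi$.

$\Rightarrow$: Suppose that the rewrite rule $G \to (a_1, \ldots, a_n)$ strongly preserves $\varphi$. Let $G'$,
$G''$ be finite rooted termgraphs such that $G' \models \varphi$ and

$$G' \to_{\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n} G''.$$

Then $G' \to_{G \to (a_1, \ldots, a_n)} G''$ and $G'' \models \varphi$. Thus,

$$\models \varphi \to [\alpha_G; \phi_G?; n; (\pi_{n_1} :=_g \bot); (\pi_{n_1} :=_l \top); \ldots; n; (\pi_{n_k} :=_g \bot); (\pi_{n_k} :=_l \top); \alpha_1; \ldots; \alpha_n]\varphi.$$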



7 Conclusion 

We have defined a modal logic which can be used either (i) to describe
data-structures which are possibly defined by means of pointers and considered as
termgraphs in this paper, (ii) to specify programs defined as rewrite rules which
process these data-structures or (iii) to reason about data-structures themselves
and about the behavior of the considered programs. The features of the
proposed logic are very appealing. They contribute to define a logic which captures
faithfully the behavior of termgraph rewrite systems. They also open new
perspectives for the verification of programs manipulating pointers.

Our logic is undecidable in general. This is not surprising at all with respect
to its expressive power. However, this logic is very promising in developing new
proof procedures regarding properties of termgraph rewrite systems. For instance,
we have discussed a first fragment of the logic, consisting of formulas without
relabelling actions, where validity is decidable. Future work mainly includes the
investigation of new decidable fragments of our logic and their application to
program verification.